Tall Burgundy Nightingale
High
The unidirectional token transfer in blacklisting operations will cause permanent loss of user funds for blacklisted users as tokens are seized upon blacklisting but not returned upon unblacklisting, allowing BLACKLISTER_ROLE to permanently confiscate user funds even after blacklist removal.
In Stablecoin.sol the design choice to transfer tokens to BLACKLISTER_ROLE in _onceBlacklisted without a corresponding return mechanism in removeBlackList is a mistake as it turns temporary blacklisting into permanent token confiscation.
User needs to have a token balance greater than 0
BLACKLISTER_ROLE needs to call addBlackList to blacklist the user
_onceBlacklisted function needs to transfer user's balance to BLACKLISTER_ROLE
BLACKLISTER_ROLE needs to call removeBlackList to unblacklist the user
None
User has 1000 tokens in their account
BLACKLISTER_ROLE blacklists user
_onceBlacklisted transfers all 1000 tokens to BLACKLISTER_ROLE
BLACKLISTER_ROLE removes user from blacklist
User's blacklist status is cleared but their 1000 tokens remain with BLACKLISTER_ROLE
User has effectively lost all their tokens despite being unblacklisted
Users suffer permanent loss of 100% of their token balance when blacklisted, even if later unblacklisted.
The BLACKLISTER_ROLE gains permanent ownership of these tokens.
No response
Track seized balances when users are blacklisted and return them on removing from blacklist
contract Stablecoin is ERC20PermitUpgradeable, Blacklist {
// Add mapping to store seized balances
mapping(address => uint256) private _seizedBalances;
function _onceBlacklisted(address user) internal override {
uint256 balance = balanceOf(user);
if(balance > 0) {
_seizedBalances[user] = balance;
_transfer(user, address(this), balance); // Transfer to contract instead of BLACKLISTER_ROLE
}
}
function _onceUnblacklisted(address user) internal virtual {
uint256 seizedBalance = _seizedBalances[user];
if(seizedBalance > 0) {
delete _seizedBalances[user];
_transfer(address(this), user, seizedBalance);
}
}
}